It has been discovered that the extension MailformPlus (th_mailformplus) is susceptible to Cross Site Scripting (XSS) attacks and allows Remote Code Execution.

More... (http://news.typo3.org/news/article/security-bulletin-typo3-20080505-1-multiple-vulnerabilities-in-extension-mailformplus-th-mailformp/)